<?php

/*
  Author: Hallvard Westman
  Project: EBBS


  <!--*******************Common functions********************-->
 */

//---------------------------------------------------------------
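function NewBlogPost() {
    include 'db.php';

    // Inserts the submitted editor form as a new post, then renders the editor.
    // Only touch the database when the form has actually been posted: the
    // original ran the INSERT on every request, so merely opening the page
    // created an empty post.
    // NOTE(review): none of the forms in this file carry a CSRF token; add one
    // before relying on this in production.
    $error = false;
    $id = null;

    if (isset($_POST['Title'])) {
        // The author is the logged-in user, exactly as EditBlogPost already does.
        // Taking it from $_GET['id'] let any visitor publish under any UserID.
        // NOTE(review): assumes db.php exposes $user the way EditBlogPost
        // relies on — confirm.
        $authorId = $user->getID();
        $title = $_POST['Title'];
        $text = isset($_POST['elm1']) ? $_POST['elm1'] : null;
        // 'now' is still taken from the client to keep the form contract; a
        // server-side timestamp would be harder to forge.
        $created = isset($_POST['now']) ? $_POST['now'] : null;

        $sth = $db->prepare('INSERT INTO Blogpost (Userid, Title, Text, Created)
                             VALUES (:Userid, :Title, :elm1, :now)');
        $sth->bindValue(':Userid', $authorId);
        $sth->bindValue(':Title', $title);
        $sth->bindValue(':elm1', $text);
        $sth->bindValue(':now', $created);

        // Test the INSERT's own result: the original overwrote $res with the
        // LAST_INSERT_ID() query before checking it, so a failed insert was
        // never detected.
        if ($sth->execute() === false) {
            $error = 'Kunne ikke sette inn data i databasen!.';
        } else {
            $id = $db->lastInsertId();
        }
    }

    if ($error) {
        // Redirect target kept from the original (the missing 'g' in
        // "newblopost" may well be the real file name); only the broken
        // "?id)" separator was repaired.
        header('location: newblopost.php?id=' . $id);
        exit();
    }

    //Form input (editor.php shares this scope, so $id stays defined for it)
    include 'editor.php';
}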

//---------------------------------------------------------------

//EDITPOST - known to work poorly (see review notes inside the function)

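function EditBlogPost() {
    include 'db.php';

    // Lets the logged-in user edit one of their own posts (?id=), then renders
    // the edit form.
    $userid = $user->getID();
    $blogpostid = isset($_GET['id']) ? $_GET['id'] : null;

    // Ownership check: the post must exist and belong to this user. $row is
    // left holding the post for editpost.php, which shares this scope (the
    // original clobbered it with the LAST_INSERT_ID() row).
    $sth = $db->prepare('SELECT * FROM blogpost WHERE BlogpostID = :blogpostid AND UserID = :userid');
    $sth->bindValue(':userid', $userid);
    $sth->bindValue(':blogpostid', $blogpostid);
    $sth->execute();
    $row = $sth->fetch();

    $error = false;
    if ($row !== false && isset($_POST['Title'])) {
        // The UPDATE is scoped to the same (post, owner) pair as the SELECT, so
        // changing ?id= cannot rewrite somebody else's post. The original never
        // bound :blogpostid at all, so its execute() could not succeed.
        // NOTE(review): Created is overwritten with the posted 'now' on every
        // edit — confirm that is intended.
        $sql = 'UPDATE Blogpost SET Title = :Title , Text =:elm1, Created = :now
                WHERE BlogpostID = :blogpostid AND UserID = :userid';
        $sth = $db->prepare($sql);
        $sth->bindValue(':Title', $_POST['Title']);
        $sth->bindValue(':elm1', isset($_POST['elm1']) ? $_POST['elm1'] : null);
        $sth->bindValue(':now', isset($_POST['now']) ? $_POST['now'] : null);
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->bindValue(':userid', $userid);

        // Check the UPDATE itself; the original tested the result of a later
        // LAST_INSERT_ID() query instead.
        if ($sth->execute() === false) {
            $error = 'Kunne ikke sette inn data i databasen!.';
        }
    }
    // NOTE(review): when the post is missing or owned by someone else the form
    // is still rendered (as before); decide whether that should redirect instead.

    if ($error) {
        // Redirect with the post being edited; the original used LAST_INSERT_ID(),
        // which is meaningless after an UPDATE. The target file name is kept as-is.
        header('location: newblopost.php?id=' . $blogpostid);
        exit();
    }

    //Form input
    include 'editpost.php';
}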

//---------------------------------------------------------------

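function flagPost($blogpostid) {
    include 'db.php';
    $Postid = $blogpostid;

    // Renders a "flag this post" button and, on submit, bumps the post's
    // Flagged counter. The id comes from the parameter, not $_POST['bid'], so a
    // forged hidden field cannot flag a different post.
    if (isset($_POST['bid'])) {
        // One atomic increment instead of SELECT then UPDATE: two concurrent
        // flags no longer lose a count. COALESCE keeps a NULL counter from
        // staying NULL (NULL + 1 is NULL in SQL; the original's PHP-side
        // addition treated it as 0).
        $sth = $db->prepare('UPDATE Blogpost SET Flagged = COALESCE(Flagged, 0) + 1 WHERE BlogpostID = :PostID');
        $sth->bindValue(':PostID', $Postid);
        $sth->execute();
        // NOTE(review): no exit() after the redirect (as in the original), no
        // CSRF token, and nothing limits how often one client can flag a post.
        header('location:post.php?id=' . $Postid);
    }

    // Escape the id before interpolating it into HTML; callers may pass it
    // straight from the URL.
    $safeId = htmlspecialchars((string) $blogpostid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<form method='post' action=''>
        <input type='hidden' name='bid' value='$safeId'>
        <input type='submit' name='flag' value='FlagPost'/></form>";
}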

//---------------------------------------------------------------
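function GetBlogPosts($number) {
    include 'db.php';

    // Lists up to $number posts of the blog owner given by ?id= as links.
    // NOTE(review): posts marked Deleted = 1 by deletePost are not filtered
    // out here — confirm whether their titles should still be listed.
    $userid = isset($_GET['id']) ? $_GET['id'] : null;
    $sth = $db->prepare('SELECT * FROM Blogpost WHERE UserID = :UserID');
    $sth->bindValue(':UserID', $userid);
    $sth->execute();

    $shown = 0;
    while ($row = $sth->fetch()) {
        // Stop after $number posts. The original called exit() here, which
        // killed the rest of the page whenever a blog had more posts than $number.
        if ($shown >= $number) {
            break;
        }
        // Title is user-supplied: escape it (the original echoed it raw).
        $title = htmlspecialchars((string) $row['Title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $pid = htmlspecialchars((string) $row['BlogpostID'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<a href='post.php?id={$pid}'>{$title}</a><br/>";
        $shown++;
    }
}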

//---------------------------------------------------------------
//SHOW COMMENTS (with per-comment flag button)
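function showcomment($blogpostid) {
    include 'db.php';

    // Handle a flag submission BEFORE any output. The original did this inside
    // the listing loop, which (a) reassigned the outer $sth/$row cursor mid-
    // iteration and (b) sent the Location header after HTML had been echoed.
    if (isset($_POST['cid'])) {
        // Atomic increment, scoped to this post so a forged cid cannot touch
        // comments elsewhere. COALESCE avoids NULL + 1 staying NULL in SQL.
        $sth = $db->prepare('UPDATE comment SET Flagged = COALESCE(Flagged, 0) + 1
                             WHERE CommentID = :CommID AND BlogpostID = :blogpostid');
        $sth->bindValue(':CommID', $_POST['cid']);
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->execute();
        // NOTE(review): no exit() after the redirect, as in the original; the
        // listing below still renders. No CSRF token on the form either.
        header('location: post.php?id=' . $blogpostid);
    }

    $sth = $db->prepare('SELECT * FROM comment WHERE BlogpostID= :blogpostid');
    $sth->bindValue(':blogpostid', $blogpostid);
    $sth->execute();
    while ($row = $sth->fetch()) {
        // Author and text are user-supplied: escape them (the original echoed
        // them raw — a stored-XSS vector). Any HTML in comments is now shown literally.
        $author = htmlspecialchars((string) $row['Username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $text = htmlspecialchars((string) $row['Text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $cid = htmlspecialchars((string) $row['CommentID'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo "<br/><br/>";
        echo "Author: {$author}";
        echo "<br/>";
        echo $text;
        echo "<form method='post' action=''>
                     <input type='hidden' name='cid' value='{$cid}'>
                     <input type='submit' name='flag' value='FlagComment'/></form>";
        echo "<br/>";
    }
}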

//---------------------------------------------------------------

//DELETE COMMENT (ADMIN) — lists flagged, not-yet-deleted comments on a post
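function deleteComment($blogpostid) {
    include 'db.php';
    $msg = 'Slettet av admin';

    // Apply a pending deletion BEFORE listing, so the list reflects it
    // (the original processed it afterwards, leaving the just-deleted comment
    // on screen until the next request). The UPDATE is scoped to this post so
    // a forged CommentID cannot reach other posts' comments.
    // NOTE(review): this function does no authorization itself; the caller
    // must make sure only an admin reaches it. No CSRF token on the form.
    if (isset($_POST['commentDel'], $_POST['CommentID'])) {
        $sth = $db->prepare('UPDATE comment SET Deleted = 1, Text=:text
                             WHERE CommentID = :CID AND BlogpostID = :blogpostid');
        $sth->bindValue(':CID', $_POST['CommentID']);
        $sth->bindValue(':text', $msg);
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->execute();
    }

    $sth = $db->prepare('Select * from Comment where Flagged > 0 AND Deleted = 0 AND BlogpostID =:blogpostid');
    $sth->bindValue(':blogpostid', $blogpostid);
    $sth->execute();

    $safePost = htmlspecialchars((string) $blogpostid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    while ($row = $sth->fetch()) {
        // User-supplied fields are escaped; the original echoed them raw.
        $cid = htmlspecialchars((string) $row['CommentID'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $author = htmlspecialchars((string) $row['Username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $text = htmlspecialchars((string) $row['Text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo "<br/><br/>";
        echo $cid;
        echo "<br/>";
        echo "Author: {$author}";
        echo "<br/>";
        echo $text;

        echo "<form method='post' action='post.php?id=$safePost'>
        <input type='hidden' name='CommentID' value='$cid'/>
        <input type='submit' name='commentDel' value='Delete Comment'/></form>";
    }
}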

//DELETE POST (ADMIN)

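function deletePost($blogpostid) {
    include 'db.php';
    $msg = 'Slettet av admin';

    // Renders a delete button for this post and, on submit, soft-deletes it
    // (Deleted = 1, text replaced by $msg).
    // NOTE(review): no authorization is performed here; the caller must ensure
    // only an admin reaches this. No CSRF token on the form.
    $safePost = htmlspecialchars((string) $blogpostid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<form method='post' action='post.php?id=$safePost'>
        <input type='hidden' name='BlogpostID' value='$safePost'/>
        <input type='submit' name='postDel' value='Delete Post'/></form>";

    if (isset($_POST['postDel'])) {
        // Delete the post this page was rendered for, not whatever id arrived
        // in the hidden field: the original bound $_POST['BlogpostID'], so a
        // forged form could delete any post.
        $sth = $db->prepare('UPDATE blogpost SET Deleted = 1, Text=:text WHERE BlogpostID = :blogpostid');
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->bindValue(':text', $msg);
        $sth->execute();
    }
}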

//DELETE COMMENT (BLOG OWNER)

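function UserDeleteComment($blogpostid) {
    include 'db.php';
    $msg = 'Slettet av bloggens eier';

    // Apply a pending deletion BEFORE listing so the list reflects it. The
    // UPDATE is scoped to this post: the original keyed on $_POST['CommentID']
    // alone, so the owner of one blog could delete comments on any other blog
    // by forging the hidden field.
    // NOTE(review): that $blogpostid really belongs to the logged-in user must
    // be verified by the caller — nothing here checks it. No CSRF token either.
    if (isset($_POST['commentDel'], $_POST['CommentID'])) {
        $sth = $db->prepare('UPDATE comment SET Deleted = 1, Text=:text
                             WHERE CommentID = :CID AND BlogpostID = :blogpostid');
        $sth->bindValue(':CID', $_POST['CommentID']);
        $sth->bindValue(':text', $msg);
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->execute();
    }

    $sth = $db->prepare('Select * from Comment where BlogpostID =:blogpostid');
    $sth->bindValue(':blogpostid', $blogpostid);
    $sth->execute();

    while ($row = $sth->fetch()) {
        // User-supplied fields are escaped; the original echoed them raw.
        $cid = htmlspecialchars((string) $row['CommentID'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $author = htmlspecialchars((string) $row['Username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $text = htmlspecialchars((string) $row['Text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo "<br/><br/>";
        echo $cid;
        echo "<br/>";
        echo "Author: {$author}";
        echo "<br/>";
        echo $text;

        // Only offer the button for comments not already soft-deleted.
        if ($row['Deleted'] == 0) {
            echo "<form method='post' action=''>
        <input type='hidden' name='CommentID' value='$cid'/>
        <input type='submit' name='commentDel' value='Delete Comment'/></form>";
        }
    }
}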

//DELETE POST (BLOG OWNER)

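function UserDeletePost($blogpostid) {
    include 'db.php';
    $msg = 'Slettet av bloggens eier';

    // Renders a delete button for the owner's post and, on submit, soft-deletes
    // it (Deleted = 1, text replaced by $msg).
    // NOTE(review): ownership of $blogpostid is NOT checked here; the caller
    // must verify the logged-in user owns it (compare EditBlogPost's
    // "AND UserID = :userid" clause). No CSRF token on the form.
    $safePost = htmlspecialchars((string) $blogpostid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<form method='post' action='post.php?id=$safePost'>
        <input type='hidden' name='BlogpostID' value='$safePost'/>
        <input type='submit' name='postDel' value='Delete Post'/></form>";

    if (isset($_POST['postDel'])) {
        // Use the id this page was rendered for, not the posted hidden field:
        // the original bound $_POST['BlogpostID'], so a forged form could
        // delete any post in the system.
        $sth = $db->prepare('UPDATE blogpost SET Deleted = 1, Text=:text WHERE BlogpostID = :blogpostid');
        $sth->bindValue(':blogpostid', $blogpostid);
        $sth->bindValue(':text', $msg);
        $sth->execute();
    }
}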

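function block($user)    {
    include 'db.php';

    // Renders a "Block user" button for $user (a UserID) and, on submit, sets
    // Blocked = 1 for that user. The UPDATE binds the parameter, not
    // $_POST['UserID'], so a forged hidden field cannot block someone else.
    // NOTE(review): no authorization is performed here; the caller must ensure
    // only an admin reaches this. No CSRF token on the form.
    $safeUser = htmlspecialchars((string) $user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<form method='post' action=''>
        <input type='hidden' name='UserID' value='$safeUser'/>
        <input type='submit' name='Block' value='Block user'/></form>";

    // Only block when the button was actually pressed. The original ran the
    // UPDATE unconditionally, so merely rendering the page blocked the user.
    if (isset($_POST['Block'])) {
        $sth = $db->prepare('UPDATE user SET Blocked = 1 WHERE UserID = :UserID');
        $sth->bindValue(':UserID', $user);
        $sth->execute();
    }
}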